Create Limits for the confidential-http capability #1810
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
prashantkumar1982
temporarily deployed
to
integration
GitHub Actions
Inactive
prashantkumar1982
temporarily deployed
to
integration
GitHub Actions
Inactive
prashantkumar1982
temporarily deployed
to
integration
GitHub Actions
Inactive
✅ API Diff Results - No breaking changes |
…common into confidential-http-limits
prashantkumar1982
temporarily deployed
to
integration
GitHub Actions
Inactive
prashantkumar1982
temporarily deployed
to
integration
GitHub Actions
Inactive
prashantkumar1982
temporarily deployed
to
integration
GitHub Actions
Inactive
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds per-workflow limit settings for the ConfidentialHTTP capability, mirroring the existing HTTPAction limits so that confidential HTTP calls are governed by the same configuration framework.
Changes:
- Extend the
Workflowsschema with a newConfidentialHTTPsection and correspondingconfidentialHttpstruct, defining call limit, connection timeout, and request/response size limits. - Update default configuration sources (
defaults.toml,defaults.json) to includePerWorkflow.ConfidentialHTTPdefaults aligned withHTTPAction. - Update tests and the README’s limits diagram to cover and document the new
ConfidentialHTTPsettings.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
pkg/settings/cresettings/settings.go |
Adds ConfidentialHTTP to the Workflows schema and defines the confidentialHttp struct and its default values, paralleling HTTPAction. |
pkg/settings/cresettings/settings_test.go |
Extends the schema unmarshal test to include ConfidentialHTTP config and asserts its default call and request size limits. |
pkg/settings/cresettings/defaults.toml |
Adds a [PerWorkflow.ConfidentialHTTP] block with default call, timeout, and size limits. |
pkg/settings/cresettings/defaults.json |
Adds a PerWorkflow.ConfidentialHTTP object mirroring the TOML defaults. |
pkg/settings/cresettings/README.md |
Updates the Mermaid limits diagram to include a PerWorkflow.ConfidentialHTTP subgraph and its bounds. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "CallLimit": "5", | ||
| "ConnectionTimeout": "10s", | ||
| "RequestSizeLimit": "10kb", | ||
| "ResponseSizeLimit": "100kb" |
There was a problem hiding this comment.
The indentation on this JSON line is inconsistent with the surrounding block (it appears to use different spacing than the other key/value lines), which makes the embedded defaults harder to read and maintain. Please align the indentation with the other fields in this object for consistency.
jmank88
reviewed
Jan 30, 2026
pkg/settings/cresettings/settings.go
Outdated
| RequestSizeLimit Setting[config.Size] | ||
| ResponseSizeLimit Setting[config.Size] | ||
| } | ||
| type confidentialHttp struct { |
Contributor
There was a problem hiding this comment.
Suggested change
| type confidentialHttp struct { | |
| type confidentialHTTP struct { |
jmank88
reviewed
Jan 30, 2026
pkg/settings/cresettings/settings.go
Outdated
| ChainRead chainRead | ||
| Consensus consensus | ||
| HTTPAction httpAction | ||
| ConfidentialHTTP confidentialHttp |
Contributor
There was a problem hiding this comment.
Would it make sense to swap the words so it groups with HTTP? 🤷
Suggested change
| ConfidentialHTTP confidentialHttp | |
| HTTPConfidential confidentialHttp |
Or would another sub-type like HTTPAction.Confidential make sense?
I don't feel strongly about either. Just exploring options.
vreff
previously approved these changes
Jan 30, 2026
prashantkumar1982
temporarily deployed
to
integration
GitHub Actions
Inactive
prashantkumar1982
temporarily deployed
to
integration
GitHub Actions
Inactive
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The limits just mirror what's there for http-actions capability.